DDOS attack

[zTurko]

Hello everyone,

I've been getting DDOS attacks since this morning so I'd like to know if there's a way around that

It puts me 91 pages of error: http://prntscr.com/iji539

It must surely be a manipulation to do to lower the chances of getting DDOS

 

[Ozzy47]

Talk to your host, they may offer DDOS protection.

 

[zTurko]

Talk to your host, they may offer DDOS protection.

They have an arbor protection, I am at cloudflare also pro version but they always arrive at DDOS

 

[Ozzy47]

If you are still being DDOS'd after having cloudflare, then your sites true IP is known. Ask your host to switch your IP after making sure your IP is not being leaked through:

• Email Headers
• Image and Link Proxy
• Disable all remote file upload like avatars and media gallery

 

[HybridBoy]

You have Cloudflare option set for "I'm under attack" mode and 5 minutes check?

 

[Ozzy47]

You have Cloudflare option set for "I'm under attack" mode and 5 minutes check?

If the attacker(s) already know the sites true IP, Cloudflare is useless.

 

[zTurko]

Thank you for your quick answers, I talk to my host, I would like to know how to put the original ip instead of cloudflare ip: http://prntscr.com/ijigk9

 

[Ozzy47]

If you expose your original IP, they will be able to attack you even with cloudflare enabled.

 

[Claudio]

If you expose your original IP, they will be able to attack you even with cloudflare enabled.

That's correct. In that case, a hardware firewall will be the best solution. For big forums, we set up a proxy server that acts as an intermediary for requests, so the real server IP isn't exposed.

 

[zTurko]

That's correct. In that case, a hardware firewall will be the best solution. For big forums, we set up a proxy server that acts as an intermediary for requests, so the real server IP isn't exposed.

How can I do that please?

 

[Claudio]

How can I do that please?

For hardware firewall you'll have to find a competent host like Todo10 or buy a dedicated server and pay an extra so your hosting can install it.
As regarding the proxy server that will require a sysadmin to do it for you

 

[WSWD]

You don't need a dedicated server or hardware firewall or proxy or any such nonsense. That's absolutely silly.

Any good host with DDoS protection, or CloudFlare should be able to knock this down for you without any difficulty.

Either the attacker knows the real IP of your server, in which case follow the advice of @ozzy47 or you have CloudFlare configured improperly. You are paying big bucks for CloudFlare Pro. Their support should be able to help you configure their offering properly.

 

[Skyfail]

If you are still being DDOS'd after having cloudflare, then your sites true IP is known. Ask your host to switch your IP after making sure your IP is not being leaked through:

Probably not since it looks like a Layer 7 attack that just doesn't get filtered by Cloudflare. Without any configuration Cloudflare plans below Business don't help you that much, you should look into the WAF which has some Anti DDoS rules that you can enable and as already mentioned the under attack mode.

 

[matyprot]

you need optimize mysql, default this have only 55 connections

 

[zTurko]

you need optimize mysql, default this have only 55 connections

Hello,
How to do?

 

[TPerry]

Hello,
How to do?

If on shared hosting, then that is controlled by the hosting provider and usually the only way to resolve it is to move up on your hosting plan.

If on VPS/Dedicated server it's controlled in mySQL's my.cnf file (usually either located in /etc/my.cnf or /etc/mysql/my.cnf).
It will be the max_connections = ??? segment in the config file.

 

[matyprot]

max_connections = 250

 

[TPerry]

max_connections = 250

250 is just an arbitrary number. The higher you set that, the more memory is used. If on a smaller VPS you can use an excessive amount of memory without needing to.

 

[Suzanne O]

Please tell your host this by submitting a ticket.
Also if you have any ip addresses that come up that are from some spiteful members on your forum, report them to police for hacking.

 

[Jake B.]

Thank you for your quick answers, I talk to my host, I would like to know how to put the original ip instead of cloudflare ip: http://prntscr.com/ijigk9

Add:

if (!empty($_SERVER['CF_CCONNECTING_IP'])) $_SERVER['REMOTE_ADDR'] = $_SERVER['CF_CCONNECTING_IP'];

to your config.php